package org.pac4j.saml.crypto;

import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Enumeration;
import java.util.HashMap;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.security.SecurityException;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialResolver;
import org.opensaml.security.credential.impl.KeyStoreCredentialResolver;
import org.opensaml.xmlsec.config.impl.DefaultSecurityConfigurationBootstrap;
import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.KeyInfoGenerator;
import org.opensaml.xmlsec.keyinfo.NamedKeyInfoGeneratorManager;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.pac4j.core.util.CommonHelper;
import org.pac4j.saml.config.SAML2Configuration;
import org.pac4j.saml.exceptions.SAMLException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/pac4j-saml-5.4.6.jar:org/pac4j/saml/crypto/KeyStoreCredentialProvider.class */
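/**
 * {@link CredentialProvider} that resolves the service provider's signing/decryption
 * credential from a Java keystore described by a {@link SAML2Configuration}.
 *
 * <p>The keystore is read once, in the constructor. The alias of the private key entry
 * is resolved at that time and is used as the entity-id criterion for later lookups.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Both the keystore password and the private key password are required. The JDK
 *       only verifies keystore integrity when a password is passed to
 *       {@link KeyStore#load(InputStream, char[])}.</li>
 *   <li>Passwords arrive as {@code String} from the configuration and are placed in the
 *       resolver's password map, so they stay on the heap for the lifetime of this
 *       object. Nothing in this class logs them.</li>
 * </ul>
 */
public class KeyStoreCredentialProvider implements CredentialProvider {
    private static final Logger logger = LoggerFactory.getLogger(KeyStoreCredentialProvider.class);

    /** Keystore type used when the configuration does not name one. */
    private static final String DEFAULT_KEYSTORE_TYPE = "JKS";

    private final CredentialResolver credentialResolver;
    private final String privateKeyAlias;

    /**
     * Loads the keystore named by the configuration and prepares a resolver for its
     * private key entry.
     *
     * @param configuration SAML2 configuration supplying the keystore stream, type,
     *                      alias and passwords
     * @throws SAMLException if the keystore cannot be read, or if no matching alias is found
     */
    public KeyStoreCredentialProvider(SAML2Configuration configuration) {
        // Fix: the "keystorePassword" assertion used to test getPrivateKeyPassword(), so a
        // blank keystore password was never rejected here and the keystore could end up
        // being loaded with a null password, i.e. without an integrity check.
        CommonHelper.assertNotBlank("keystorePassword", configuration.getKeystorePassword());
        CommonHelper.assertNotBlank("privateKeyPassword", configuration.getPrivateKeyPassword());

        // try-with-resources closes the stream on every path. The previous code closed it
        // only after a successful load, leaking the stream whenever loading failed.
        // A null stream is tolerated by try-with-resources, as it was by the old null check.
        try (InputStream keystoreStream = configuration.getKeystoreGenerator().retrieve()) {
            final String configuredType = configuration.getKeyStoreType();
            final String keystoreType = configuredType == null ? DEFAULT_KEYSTORE_TYPE : configuredType;

            final KeyStore keyStore = loadKeyStore(keystoreStream, configuration.getKeystorePassword(), keystoreType);
            this.privateKeyAlias = getPrivateKeyAlias(keyStore, configuration.getKeyStoreAlias());

            // Only the resolved alias gets a password; other entries cannot be unlocked
            // through this resolver.
            final HashMap<String, String> keyPasswords = new HashMap<>();
            keyPasswords.put(this.privateKeyAlias, configuration.getPrivateKeyPassword());
            this.credentialResolver = new KeyStoreCredentialResolver(keyStore, keyPasswords);
        } catch (Exception e) {
            throw new SAMLException("Error loading keystore", e);
        }
    }

    /**
     * Instantiates a keystore of the given type and loads it from the stream.
     *
     * @param inputStream      keystore bytes
     * @param keystorePassword keystore password; when {@code null}, {@code null} is passed
     *                         to {@link KeyStore#load(InputStream, char[])}, which then
     *                         skips the integrity check
     * @param keystoreType     keystore type name, e.g. {@code "JKS"}
     * @return the loaded keystore
     * @throws SAMLException wrapping any failure while creating or loading the keystore
     */
    private static KeyStore loadKeyStore(InputStream inputStream, String keystorePassword, String keystoreType) {
        try {
            logger.debug("Loading keystore with type {}", keystoreType);
            final KeyStore keyStore = KeyStore.getInstance(keystoreType);
            final char[] password = keystorePassword == null ? null : keystorePassword.toCharArray();
            keyStore.load(inputStream, password);
            // Only type and entry count are logged, never password material.
            logger.debug("Loaded keystore with type {} with size {}", keystoreType, keyStore.size());
            return keyStore;
        } catch (Exception e) {
            throw new SAMLException("Error loading keystore", e);
        }
    }

    /**
     * Picks the keystore alias to use for the service provider's private key.
     *
     * <p>When {@code keyStoreAlias} is given, the first alias equal to it ignoring case is
     * returned. When it is {@code null}, the first alias whose entry is a
     * {@link KeyStore.PrivateKeyEntry} is returned.
     *
     * <p>NOTE(review): an explicitly configured alias is not checked to be a private key
     * entry here, so an alias naming a certificate-only entry is accepted at this point
     * and would only fail later, when the credential is resolved.
     *
     * @param keyStore      loaded keystore to search
     * @param keyStoreAlias requested alias, or {@code null} to auto-select
     * @return the alias exactly as it is stored in the keystore
     * @throws SAMLException if no alias matches or the aliases cannot be enumerated
     */
    protected static String getPrivateKeyAlias(KeyStore keyStore, String keyStoreAlias) {
        try {
            final Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                final String candidate = aliases.nextElement();
                final boolean matches = keyStoreAlias != null
                        ? candidate.equalsIgnoreCase(keyStoreAlias)
                        : keyStore.entryInstanceOf(candidate, KeyStore.PrivateKeyEntry.class);
                if (matches) {
                    return candidate;
                }
            }
            throw new SAMLException("Keystore has no private keys to match the requested key alias " + keyStoreAlias);
        } catch (KeyStoreException e) {
            throw new SAMLException("Unable to get aliases from keyStore", e);
        }
    }

    /**
     * Builds the {@link KeyInfo} describing this provider's credential.
     *
     * @return key info generated from {@link #getCredential()}
     */
    @Override // org.pac4j.saml.crypto.CredentialProvider
    public KeyInfo getKeyInfo() {
        return generateKeyInfoForCredential(getCredential());
    }

    /**
     * @return the keystore-backed resolver created in the constructor
     */
    @Override // org.pac4j.saml.crypto.CredentialProvider
    public final CredentialResolver getCredentialResolver() {
        return this.credentialResolver;
    }

    /**
     * Returns OpenSAML's basic inline KeyInfo credential resolver.
     *
     * <p>NOTE(review): this resolver reads key material carried in a message's KeyInfo;
     * it presumably establishes no trust by itself, so callers must still validate the
     * resolved credential against trusted metadata. Confirm at the call sites.
     *
     * @return a new basic inline resolver from the default OpenSAML bootstrap
     */
    @Override // org.pac4j.saml.crypto.CredentialProvider
    public KeyInfoCredentialResolver getKeyInfoCredentialResolver() {
        return DefaultSecurityConfigurationBootstrap.buildBasicInlineKeyInfoCredentialResolver();
    }

    /**
     * Creates a {@link KeyInfoGenerator} suited to this provider's credential, using the
     * default manager of OpenSAML's basic key info generator manager.
     *
     * @return a new generator instance
     */
    @Override // org.pac4j.saml.crypto.CredentialProvider
    public final KeyInfoGenerator getKeyInfoGenerator() {
        final NamedKeyInfoGeneratorManager generatorManager =
                DefaultSecurityConfigurationBootstrap.buildBasicKeyInfoGeneratorManager();
        return generatorManager.getDefaultManager().getFactory(getCredential()).newInstance();
    }

    /**
     * Resolves the credential stored under the private key alias chosen at construction.
     *
     * @return the resolved credential, as returned by the resolver's {@code resolveSingle}
     * @throws SAMLException if the resolver fails
     */
    @Override // org.pac4j.saml.crypto.CredentialProvider
    public final Credential getCredential() {
        try {
            // The keystore alias doubles as the entity id the resolver looks up.
            final CriteriaSet criteria = new CriteriaSet();
            criteria.add(new EntityIdCriterion(this.privateKeyAlias));
            return this.credentialResolver.resolveSingle(criteria);
        } catch (ResolverException e) {
            throw new SAMLException("Can't obtain SP private key", e);
        }
    }

    /**
     * Generates a {@link KeyInfo} for the given credential with this provider's generator.
     *
     * @param credential credential to describe
     * @return the generated key info
     * @throws SAMLException if generation fails
     */
    protected final KeyInfo generateKeyInfoForCredential(Credential credential) {
        try {
            return getKeyInfoGenerator().generate(credential);
        } catch (SecurityException e) {
            throw new SAMLException("Unable to generate keyInfo from given credential", e);
        }
    }
}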
